Password Management Software for Teens

Posted by Sameer Hinduja on July 30, 2015

Think about how many times every day you use a password on a phone, computer, social media site, gaming network, or another online account. Passwords are a huge part of our daily lives. Technically, they serve as authentication to identify people as being who they claim to be. Correct authentication is supposed to prevent others from accessing or altering your personal data, so passwords should be kept very secure. Unfortunately, some people put themselves at risk of cyberbullying, identity theft, or other dangers by sharing or exposing their passwords. For instance, we’ve asked hundreds of groups of students if they know any of their friends’ passwords. The majority say ‘yes’ every single time!

I’d chosen to give my Facebook password to one of my “best friends.” She was friends with a girl who I’d been having some bullying problems with. One day my “friend” was at my enemy’s house and decided to get on my Facebook and delete all my pictures. Then they took a picture of this boy that I really liked and put it as my profile picture. They wrote all over my profile so all my friends saw it. It was really stupid, but it hurt me so badly.
~ 15 year-old girl from North Carolina

Maybe you would never share your passwords on purpose. However, you still might reveal them accidentally. A lot of people store and remember their passwords in ways that make it easy for others to find them. One person might leave her passwords on a sticky note next to her computer, or taped under her keyboard. Someone else might save them in a text file or Excel spreadsheet right on his computer’s desktop. Another person might even leave them in a small notebook that she carries around in her backpack or purse, or in the Notes app on her phone. It doesn’t take Sherlock Holmes to notice these sorts of things! And, not only are they easily discoverable, they are also easily lost or deleted.

Even if you’re careful about never putting your passwords in easy-to-find places, and even if you never share them with others, that doesn’t mean they’re completely safe. For example, some websites have security questions that let users retrieve forgotten passwords. If the user answers the questions correctly, he gets an email with a link to reset the password. Common password hint questions include “What is your pet’s name?” or “What is the first car you drove?” I know Justin’s pet’s names, and the first car he drove – and if I can get into his email account, I can consequently access a lot of his other information, too. And that might allow me to change passwords on his other online accounts— simply by having access to his email and knowing a few basic facts about him. Of course, I could also impersonate him, lock him out of his profiles, delete his carefully curated images and posts, or even do something criminal via his account. The possibilities are endless, and this can (and has) happened to many people.

Plus, some individuals tend to use the same password for multiple accounts— school and personal email, Facebook, Twitter, Instagram, Skype, eBay, PayPal, and more. That makes it easy to remember, but it also means that if someone finds out the password to a single account, he can then get into all the other ones, too. As such, it’s wise to have a different password for every site or account you use, and to keep track of all your passwords in a way that’s safe and secure, yet still convenient. We would therefore like to recommend some software solutions that will help you keep a tight leash on your private information. We’ve evaluated each of these password managers, and list out with the pros and cons below. Whichever method you use to keep track of your passwords, just make sure you figure out a solution that doesn’t leave you vulnerable to cyberbullying or other online risks.

How convenient would it be to only have to remember one master password that allowed you to safely use all of your favorite apps and sites without having to also remember the unique account information for all of them? LastPass allows you to securely browse the web, and log into all your favorite sites by only having to remember one master password, and the best part is the automatic form fill feature. This allows you to input all your personal information one time, and then it will remember everything for any future use. According to the LastPass website, we should be using passwords that look like “KQo=3oyB>VXG^-6.” With that being said, it is unrealistic for any of us – especially teenagers – to create and use ones like that because of their complexity and difficulty to remember them. LastPass, though, will generate all of these tedious but very secure passwords for all your different accounts, remember them, and populate the appropriate form fields with them at your online account sites. It can also import and use the login and password information you’ve already saved in your web browser.

Furthermore, LastPass provides a great feature called a “secure note” which allows you to keep everything from your social security number to your bank account information to your health insurance details, all sorted out in sections, but allowing you access them in one spot. It even allows you to attach pictures and videos, which is a great way to ensure that your private photos stay private even if someone else obtains access to your phone. LastPass offers different methods of overall security; one of my favorites is a fingerprint feature for unlocking your phone (regardless of its model or version). Other methods of screen unlocking are swiping, patterns, pins, and passwords. It also provides full Web-based access to all of your login and password data (encrypted, of course). LastPass offers a free 14-day trial, and then you have the option to sign up for a $1.00 monthly charge for unlimited premium access. The bottom line is that you can create an account with one password, and LastPass will do the rest. You can access your account on your mobile device, laptop, and desktop computers, as supported platforms include iPhone, Android, Linux, Windows, and Blackberry.

Dashlane is a product which also has the master password, auto form-fill, and digital wallet features like LastPass, but comes with a few notable features. First, it allows you to set an emergency contact who can have access to limited information of your choosing in case of some sort of emergency or death. It also allows you to record all of your online purchases by saving your receipts and any relevant screenshots you might want to include. In addition, Dashlane offers an automated password changer. We all know we are supposed to change our passwords regularly, but very few actually prioritize this task (don’t feel condemned, we understand! J). With the simple press of a button, Dashlane will recognize all your weak passwords and suggest a change. You then have the option to change one or multiple passwords at once. And again, the best part is that they can be convoluted and abstruse, but you don’t have to remember them as that is what the software does for you. Like LastPass, it creates and stores an encrypted backup of all of your login data in the cloud, and allows you to login and see it from any browser.

To increase the security of your account, you can also use two-factor authentication via Google Authenticator. Basically, this adds a layer of protection by validating devices that you seek to login with, and sends you a code via text to your verified smartphone – which you’ll need before you want to access Dashlane on any device. You might think this precautionary measure is overkill – but it is worth the extra ten seconds to receive and type in a code so that just knowing the master password won’t be enough.

Dashlane intuitively walks you through the app on your Android or Apple device, making it very user-friendly. You have unlimited, basic free access to this application and a 30 day premium trial. Dashlane is on the expensive side, but our priority is maximum security. For $39.99 a year for premium membership, you can feel safe when you access your bank account, when you go online shopping, and with their auto-login feature you will save a lot of time! The software even allows you to set an emergency contact, in case of any critical matter. This emergency contact then would have access to limited information of your choosing, should you die or be otherwise incapacitated. Another cool thing is that you can tie multiple pieces of the same type of personal information to one identity. For instance, you might want to have two phone numbers or two email addresses to one – it allows you to do that. Finally, Dashlane lets you keep a history of all your purchases by allowing you to screenshot online transactions and receipts. Dashlane currently supports PC, Mac, Android, and iOS devices.

The SplashID password manager is very elegant and user-friendly, and like the others stores your passwords, credit card information, and anything else you can think of inside of “Business” and “Personal” Categories. As silly as it may sound, you can even store size information for clothes, shoes, etc. (right now, I actually have size information in my Notes app for my home’s air conditioning filters, my car’s air filter, the ring sizes of loved ones, and so much more – and could use this app instead!) A downside to this app is the lack of auto-fill. For example, if I created an account with my basic contact information on it (like my first name, last name, address, city, state, zip code), it would not pre-populate the same fields on another site asking for the same information. I’d have to enter all of my details again. Like the aforementioned managers, SplashID offers strong password generation, and all you have to do is remember your master password. You are also provided with one master password hint, in case you forget it.

After installing this product, you have free access to basic protection, or for 19.99 a year you can use their Pro features, which gives you priority customer service 24/7 and the feedback on the latest security threats. Unlike many of the other password managers, SplashID automatically syncs all your information to the Cloud (automatic secure storage accessible through many devices). This app also has a very cool feature that I did not notice while using other password managers: if you are idle for any specified amount of time from your phone, the app automatically logs out. While evaluating the other programs, I definitely became aware that if I did not manually log out, the app remained open and therefore my private information was at risk if I left my phone somewhere. This app is accessible on iOS and Android devices, Blackberry, Windows Phone, webOS, and Palm OS smartphones, and there are also desktop versions for Macs and PCs.

RoboForm is also a solid choice as a password managers as it can help you generate and remember very strong credentials for all of your sites. I personally don’t think that it is as user-friendly, elegant, and visually attractive as SplashID, for instance, but it has all of the necessary features to store your login information and related notes, and you are able to save different identities for different websites. For example, you may have one profile saved with your credit card information for all of the sites at which you make purchases, and another identity for all other sites that do not ask for credit card information. This allows you to provide or automatically input the appropriate information at the proper online destination – not too much, and not too little – by simply selecting an identity. RoboForm – like Dashlane – also allows you to tie multiple pieces of the same type of contact information to a single identity if you wanted to do so (e.g., three street addresses to one profile).

One downside is that there hasn’t been a major feature update in a while, and so it seems the software hasn’t stayed up-to-date with the various changes in web development. For example, it doesn’t properly fill every single pop-up window or JavaScript window that might prompt you for login information. Accepted platforms for RoboForm are Windows, Apple, Android, and Linux – and it syncs across all of your devices. You can use RoboForm for a 30 day free trial and then you have the option to continue your membership for $9.95 for the first year. Cool tip: RoboForm offers free unlimited use for college students and professors!

Norton products are well-known and respected for their antivirus protection capabilities, and now has this new feature which you can download on your computers and phones for free, and use to securely store all your important personal information in one app. It also warns you of malicious sites that might compromise your identity and seeks to alert you if there are any rogue scripts or elements in place so that you don’t fall prey to “phishing” schemes (where the site seems legitimate but is actually fraudulent). This software is very user-friendly and simple to install and set up. You can import passwords stored in your browsers (but not from other password management applications you may have used in the past). Then, when you input your information in a new site, it does what all of the others do – saves it and subsequently fills in that information when you revisit that site in the future. Norton Identity Safe, like the others, offers syncing to the Cloud, but the software itself does not have a password generator to help you create stronger passwords. In addition, it performed less optimally than Dashlane or LastPass in storing all passwords I typed in, and populating all of the form fields at various sites. This program is available for Windows, Mac, Android, and iOS.

Password Genie provides you with all the basic essentials; auto-filling for forms, browser import, you can have access to your account in up to 5 devices with unlimited users, and if you can’t find a category to save your most important documents, you can add your own. Like all the other apps, you have to create a master password, and as you are creating it Password Genie will let you know how secure your password is and advise you to make it stronger if necessary. It also recognizes whenever you input updated information at various sites, and consequently updates its own database. It also deserves comment that this product does a better job than others on unusual login situations (for instance, my bank has a two-page SiteKey system which it could handle).

Another useful feature if you ever get into a pinch is that Password Genie offers live chat help, and remote viewing and access for the desktop version. The remote viewing and access allows the support agent to access your computer as if they were in front of it themselves to investigate any problem the program might have. The software does not, however, import passwords and content from other management programs (although it does allow you to do so from browsers when you install it). Plus, you can store various kinds of personal information in it – but it does not then take that information and use it to populate form fields on various sites. Rather, it only acts like a glorified vault (and for that purpose, I’d rather just use my Notes app on my phone). Password Genie is now available on Android, Mac, and Window devices. Basic free access is available, and it provides an option to upgrade to a premium version for $11.99 a year.

So – what should you use? Here are my recommendations, in order of preference: LastPass, Dashlane, Roboform, SplashID, Norton Identity Safe, and Password Genie. The top two are the best, in my opinion, because they do everything you’d want them to do and their software versions keeps getting better in meaningful ways (such as adding fingerprint authentication!). LastPass is comprehensive and outstanding in its feature-set and perfect for power-users who want customization and flexibility. Dashlane does pretty much everything LastPass does, but is a bit more attractive and user-friendly (at the cost of flexibility). You should pick one of those.

A final caveat: In addition to using a password manager, don’t forget to change your password regularly. No matter how unusual and hard to guess, it could be compromised without you even knowing it. Sometimes hackers access passwords by finding security holes in databases for popular websites and online stores. Once a cyberbully or hacker has gotten to your password, he might also be able to find your name, email address, and other personal information which could then be used to steal your identity. Sometimes the companies or websites themselves don’t even know that the information has been stolen until weeks or months later. So it’s best to change your password at least once a year. Pick a time of year that will remind you to make the switch. Get in the habit of changing your passwords at the start of each school year, on your birthday, or on some other memorable date. Just make sure you don’t let passwords get stale! As they say, forewarned is forearmed – and using a software-based manager will definitely reduce your vulnerability to victimization, and all of the stress, headaches, and heartache that goes with it. And encourage your students to do so when you see them at the beginning of this school year. It might take a few minutes to set up (like anything worth doing!), and you won’t regret doing it but will regret not heeding this advice.

What the Best Bullying and Cyberbullying Assembly Speakers Do

Posted by Sameer Hinduja on February 18, 2015

Last week I shared what I feel are the most important considerations for schools planning to host bullying assembly programs. This week, I wanted to focus on speakers themselves. As you may know from your own experiences, there are fantastic ones out there, but there are also many who leave a lot to be desired. Justin and I regularly do assemblies all across the United States (and occasionally abroad), and truly enjoy visiting and working with students, staff, and parents in this capacity. However, we simply cannot do them for everyone, as much as we would love to. As such, here are my thoughts on what the best bullying and cyberbullying assembly speakers do.

Speakers need to be relatable.
You may have heard that you win or lose your audience in the first few minutes of your talk. That is a short amount of time, and a lot of pressure to grab and hold their attention. Relatable speakers will deeply connect with the audience by demonstrating complete familiarity of, and appreciation with, the offline and online world of teens (but not in a way that seems contrived or fake). In addition, they must immediately engage students – not with scare tactics – but by clarifying at the onset why what they have to say matters to the students’ very lives. And how their message is different than all of the other anti-bullying messages the students have heard before. And that ultimately, the speaker is on their side. This is usually conveyed differently for elementary, middle, and high schoolers, and is a critically important skill to master. If the presentation somehow betrays that the speaker (and, by extension, the school) just doesn’t “get” kids and teens these days, and doesn’t really understand fully what is going on, its impact will be greatly stunted.

Speakers need to be uplifting.
The overall message, on its whole, should be hopeful and empowering. No one wants to be completely bummed out and depressed after listening to a speaker. That totally and completely drains away the audience’s desire and motivation to try and make a difference. Yes, kids need to understand the weight of pain, regret, and potential consequences that surround bullying and cyberbullying, but they cannot flourish and meaningfully contribute to a better peer and school environment under that burden. No one can. And no one will want to. Speakers must make sure the presentation is balanced, and leaves students feeling fired up and equipped to foster change.

Speakers need to focus on the positive.
Many adults are keen to focus on teen conflict, drama, harassment, and hate, and share those stories in an attempt to motivate youth to do the opposite instead. But we’ve found that those good intentions don’t lead to the desired effect. Instead, it can come across as condescending and preachy. Being subjected to those stories makes teens feel that adults expect the worst of them, and that they need to be managed and controlled instead of trusted and empowered. Justin and I strongly believe that speakers must point out all of the good that teens are doing as they embrace social media and electronic communications, instead of emphasizing all of the ways in which students have screwed up. Speakers should try to inspire them by showing them examples of teens just like them who are making a difference by standing up for what’s right. There are an increasing number of sites sharing meaningful stories of teens (and adults) doing kind things! Check out our Words Wound movement, Huffington Post’s Good News, Upworthy, One Good Thing, or A Platform for Good for ideas. Ideally, seeds will be planted in some of the youth. Then, they hopefully will be motivated to replicate the ideas discussed, or come up with their own (specific to their skills and situations) and work to contribute to widespread change on their campus.

Speakers need to have great content.
The data, stories, and examples they share must align with and reflect what the students have been observing and experiencing on their own, or else their message will be discredited and dismissed as irrelevant. The presentation should be interactive, fun, solemn at times (I mean, we are ultimately discussing a pretty serious topic here!), memorable, smooth, and somehow unique. It should also be updated with the latest research (when appropriate, don’t bore them with bar charts!), trends, headlines, stories, and screenshots. Many speakers want to do this, but honestly never really get around to updating their presentations. This will not win over the audience, and keep them locked in to what is being shared. Speakers should remember that students have heard this message before, and their default reaction will be to tune out because of the way this topic has been browbeaten into them. This is why content is – and always will be – king.

Speakers should include solutions.
Students want to know who they can trust and confide in if they are being mistreated. They want to know how to really, truly get someone to stop being mean, and how to anonymously report problems, and how to block mean people on specific networks or apps. They want clear direction as to how to intervene so that it doesn’t backfire on them, and how best to help others in a way that is safe for them as well. They need clear, specific strategies that are age-appropriate and will actually work. At the same time, schools need to know that a good number of presentations are high on inciting emotional responses but low on solutions. Just make sure you identify your goals at the outset, so you are not left feeling like something was missing after the presentation(s).

Speakers should have a plan for follow-up.
They should have books, materials, activities, resources – something they can distribute to the school so that faculty and staff can debrief with the kids and thereby continue the conversation after the assembly (and, ideally, on a regular basis throughout the year). And the resources should clearly mirror the messages conveyed in the assembly, so that everything builds upon itself. If the speaker doesn’t have content to share, he or she should be able to recommend the best out there. This simply demonstrates that they know the proverbial lay of the land, and have taken the time to figure out what can help the school on a long-term basis with their bullying prevention goals.

Ultimately, a great speaker with great content makes for a great presentation. I know that sounds intuitive, which is why I wanted to drill down into the essential components to show individuals what matters the most. I hope the preceding helps those of you who are out there on the front lines, working hard to raise awareness on this incredibly important issue. If we are spending our lives (and the time, attention, and resources of schools) trying to communicate a truly transformative message, we must give it our best – and do it right.

Submit: The Documentary

Posted by Justin W. Patchin on March 11, 2013

I just previewed the producer’s cut of a new film on the topic of cyberbullying. Admittedly, I was skeptical at first, because I have seen these kinds of productions before and have either been underwhelmed or downright angry at the way the problem was portrayed. But this effort was different and I think has the potential to do some good.

“Submit: The Documentary” presents the perspectives of many who have experienced the problem of cyberbullying from a variety of viewpoints, including victims and parents, but also educators, researchers, legislators, and policymakers. I was glad to see many familiar cyberbullying prevention and education colleagues prominently featured throughout the film, including my friend and Cyberbullying Research Center co-director Sameer Hinduja. Together, they present a clear view of the nature of the cyberbullying problem, and offer their insights about why we need to focus more attention on it.

“Submit” includes the requisite stories of those who have been affected most deeply by cyberbullying. Tina Meier, Donna Witsell, John Lowe, and others who lost their children as a result of, at least in part, experience with cyberbullying remind viewers that these behaviors cannot simply be ignored. Their experiences, while thankfully not representative, are instructive. We can learn a lot from what happened to Megan, Hope, and Johanna, and shame on us if we don’t do things better the next time.

As much as it was important to revisit these tragic stories, and even though it was a nice change to see and hear from some of “the experts” who have devoted their careers to this problem, the indisputable stars of this film were the students. They illuminate a reality of cyberbullying that has largely escaped mainstream media. They talk about why they do what they do, and perhaps even more enlightening, why they don’t do what they don’t do. The teens pointedly acknowledge the challenges of dealing with cyberbullying and related behaviors–most of which stem from a general distrust of adults to do anything meaningful to curb the bullying. Indeed, most young people we speak with say the number one reason they don’t confide in adults when confronted with cyberbullying is because they fear it will only make matters worse. Mike Donlin re-affirms this perspective in his remarks that were featured in the film.

As a film intended to capture broad public interest, “Submit” walks a fine-line between presenting a narrative of cyberbullying that is accurate and one that is shocking, fear-mongering, or otherwise “entertaining.” To be a commercial success, especially in the documentary genre, it seems that a film needs to be portentous, provocative, or overly alarmist. Compared to other films that tackle this subject, “Submit” does a better job balancing the hype with the lived-reality of teens in the 21st Century. For example, “Bully,” the 2011 documentary that followed the experiences of five youth and their families, focused so much on the extremity of the problem that while I was left physically hurting for the families featured I was no better prepared to do anything about it. “Bully” left me with the impression that adults are impotent when it comes to stopping bullying because most of the adults included in that film failed in their efforts, or worse, didn’t try.

To some extent, “Submit” begins to lead viewers down a path toward a similar conclusion: that schools, parents, the police, and other adult institutions are incapable at preventing or stopping cyberbullying. But “Submit” doesn’t stop there and carries the discussion forward, presenting some of the emerging evidence about what does work to stop bullying. Among the promising approaches highlighted is to cultivate empathy among students. Not only will empathetic students refrain from bullying others online and off, but they will also stand up for those who are being targeted. By encouraging young people and empowering bystanders to take action, we have a better chance at making strides to reduce this problem. As Sameer states in the film: “Bystanders can be heroes.” We genuinely believe that. Teens see a lot more of what is going on than most adults and they are, as a result, often in the best position to do something about it.

But they shouldn’t have to do it alone, any more than schools should have to respond to bullying by themselves. Bullying, no matter the form, is a community problem which demands a community response. Educators, parents, police officers, faith leaders, community partners, researchers, technology companies, and yes, teens, have the power *together* to adequately prevent and respond to this problem. “Submit” is a solid reminder and all who care about the online lives of adolescents are encouraged to check it out. Trailer here.

A Positive School Climate Makes Everything Possible

Posted by Justin W. Patchin on August 31, 2012

We have a lot of really great anecdotes and ideas from educators included in our latest book School Climate 2.0:Preventing Cyberbullying and Sexting One Classroom at a Time. Below is one example from our friend Steve Bollar, who is a principal in New Jersey. He is an “in-the-trenches” expert when it comes to developing and maintaining a positive school climate. We highly recommend that you sign up for his regular “Ideas, Ideas, Ideas” newsletter which you can learn more about on his website. Here are his thoughts on why a positive climate at school is so important:

“The climate in a school can either make everything possible or not make everything possible.” That quote is one of the most profound statements about schools that I have ever heard. It is true that instruction and curriculum are important, but neither can be effective unless the climate of the school/classroom is centered on respect, clear expectations, personal responsibility, and recognition. Every school has a climate that is developed through the actions of the school leader. Therefore, it is vitally important that the school leader purposefully works to establish the climate in the way that he or she knows will best benefit the students and staff. The other option is for the school leader to do nothing, thus leaving it up to others to set the tone and develop the climate. That climate may not be positive, empowering, or productive. Instead, it may be demeaning, unclear, and non–student focused.

A school that has a positive climate rooted in clear expectations, and supported with recognition and respect, leads to students and staff making decisions that are in the best interest of not only the school but also themselves. Roy Disney once said, “When your vision is clear, decisions are easy.” It is so true within a school. When your climate, vision, and expectations are clear, deciding whether or not to do the right thing is easy. It leads to the thought process of “that’s the way we do it here.” When students are faced with a choice of going onto a website that is inappropriate or not, whether at home or school, the climate they are most exposed to at school comes into play. Therefore, making the right decision is easier to make.

True, it doesn’t work all the time. Within my building are many students who get into “trouble” with social networks, inappropriate websites, connecting with dangerous people online, and making poor choices in the photos they post on the Internet. Two years ago, we had a large spike in the number of issues and disciplinary action related to Internet behavior. Approximately 25 to 35 percent of discipline during the school year was Internet related. The following year, we implemented a morning homeroom meeting. During this 30 minutes once a week, two adults in each classroom would lead an activity or discussion that focused on the vision and expectations of the school. This practice, once a week, continued consistently throughout the school year. The results were amazing! The number of Internet-related disciplinary issues decreased significantly, and as did the number of overall discipline issues. Problems were either handled more often at the classroom level through discussion and guidance of the teachers, or the lessons learned and reinforced during those morning meeting times guided the thought processes of the students when opportunities to behave inappropriately came up.

At the end of each marking period, my administrative team would look at the discipline report and say, “Wow!” We did not start an anti-Internet campaign or increase the amount of Internet safety training. All we did was connect with students and purposefully strengthen the climate within our building around positive clear expectations and recognition. The end result was students making better life decisions. “The climate in a school can either make everything possible or not make everything possible.”

Help With Fake Facebook Profile Pages

Posted by Justin W. Patchin on July 25, 2012

Imagine you receive an email from a friend that includes a link to a Facebook profile. You click on the link and see your name and picture on the profile. But you didn’t create it. And some of the information included isn’t exactly flattering. In fact, it’s embarrassing, and malicious, and ruining your reputation. Now what do you do? We regularly receive requests from people who find themselves, their kids, or their friends in this situation. The key in responding is to move quickly to gather information and to inform the proper authorities.

If you know who created the profile, ask them to remove it. Facebook has a social reporting tool that allows you to convey your disapproval, and ask that the content be removed, in a respectful way. (You can read Larry Magid’s recent interview with Facebook’s Arturo Bejar where they discuss these options.)

If you don’t feel comfortable with that, or do not know who created it, you can report it to Facebook and it will be disabled while they investigate. If you do not have a Facebook account, you can report imposter profiles here. If the creator of the fake profile attempts to log into the account after it has been reported, Facebook will require the user to prove their identity and display a map that shows where they are at (thereby removing the veil of complete anonymity). I think that is pretty cool! Facebook also educates the user about the consequences of identity theft. The company has developed numerous other tools to help you protect your information and reputation, including a form that allows you to request the records of an account that was impersonating you. Learn about and take advantage of all of these resources.

It is important that you collect as much information about the profile as you can before reporting it to Facebook. Take screenshots (see our fact sheet here) or simply print out the profile and any related information. Note the URL (web address) of the page because it includes the user ID (http://www.facebook.com/profile.php?id=1000000XXXXXXXX) or username (http://www.facebook.com/username). Try to identify all of the people who are connected to the profile (friends or followers). Collect as much information about them as you can. It might help in determining who was behind the creation of the profile.

Overall, the more information you can gather, the more easily it will be to identify who is responsible, and hold them accountable, if necessary. Once the account has been disabled by Facebook, it will be more difficult for you to get the evidence you need. And if the account creator deletes the account before you have a chance to report it to Facebook or collect the evidence, it can be impossible to obtain information about who created it. So move quickly to capture what you can.

If you believe that what was said or posted about you on the fake profile is of a criminal nature (e.g., a threat or a hate crime) or violates your civil rights (e.g., defamation of character or libel), contact local law enforcement so that they can investigate. This is particularly important if you feel that your safety (or the safety of someone else) is in jeopardy. The police are trained to determine whether information contained on the site could be viewed as a “true threat,” or if it violates the law in any other ways. The first thing the investigating officer should do is complete a formal request to Facebook to preserve the page details and accompanying account information before they are deleted by the user who created the page. Officers can do this even before a formal investigation has begun. The sooner this is done, the better. There are more guidelines for law enforcement officers here.

Law enforcement can also assist you in obtaining a subpoena, which is a legal order that requires a person or entity named to show up at court or to produce documents or other information specified (that could be used as evidence in a trial). While the specific procedures can vary by state, law enforcement officers can obtain a subpoena from a judge, county or state prosecutor, or other qualified attorney, once an investigation has begun. Facebook regularly assists law enforcement in responding to subpoenas by providing information about the creator of the account, including their name, email address, date of birth, and some other account identifiers provided by the user when they signed up. Lawyers can also obtain a subpoena for the purposes of obtaining evidence to be used in a civil case.

With a court order (which can only be issued by a judge), law enforcement officers can get additional information from Facebook, including transactional logs such as intra-session IP addresses. The IP address is the unique identifier that every online device is given. With the IP address, law enforcement will be able to determine the Internet Service Provider (ISP). Again using a court order, the officer will be able to obtain from the ISP the billing address and other subscriber information of the person involved.

If during the course of the investigation the officer determines that criminal charges are appropriate, they may obtain a warrant from a judge for the purpose of collecting even more information from Facebook, including the content of the pages (e.g., photos and comments). A warrant is another court order issued by a judge, but it must be accompanied by probable cause that the information requested is necessary for the purposes of investigating a crime. According to the Stored Communications Act: “A governmental entity may require the disclosure by a provider of electronic communication service of the contents of a wire or electronic communication…only pursuant to a warrant issued using the procedures described in the Federal Rules of Criminal Procedure…” So without a warrant, Facebook has no obligation to provide the content of the pages. This is a good thing for those of us who use Facebook and other online environments appropriately and legally: Only when we are implicated in a crime should the content of our profiles be turned over to the government.

The differences described above between what information can be obtained through a request, a subpoena, a court order, or a warrant is determined somewhat by the company (Facebook in this case) but mostly by federal and state law. It largely depends on whether the information requested is the property of the company, the Internet Service Provider, or the customer. Technically, everything you post on Facebook is your property, though you give Facebook permission to use that information for certain purposes as a condition of using the site.

Some states include electronic communications in their impersonation or identity theft laws. For example, it is a class A misdemeanor in New York if someone “Impersonates another by communication by Internet website or electronic means with intent to obtain a benefit or injure or defraud another, or by such communication pretends to be a public servant in order to induce another to submit to such authority or act in reliance on such pretense.” Consult with law enforcement or a local attorney to learn more about the specific laws in your state.

In many cases, however, fake profiles are created for a laugh and the persons responsible perhaps do not fully understand the consequences of their behavior. This is especially true in incidents involving adolescents. So if there is no clear threat or other evidence of criminal behavior, resist contacting the police and try to work through the problem informally, involving parents, schools, and other adults as appropriate.

That said, there have been many incidents where students have created profiles about educators or their classmates that have ended up in court. Try to avoid this by proactively educating your children and students about these issues, and by creating a positive climate at school. In that way, hopefully they will not participate in these behaviors and if someone else does create a fake profile about them, they will know what to do and will feel comfortable turning to an adult for help.

Cyberbullying Laws and School Policy: A Blessing or Curse?

Posted by Justin W. Patchin on September 28, 2010

Many schools are now in a difficult position of having to respond to a mandate to have a cyberbullying policy, without much guidance from the state about the circumstances under which they can (or must) respond. When folks ask me if I think there needs to be a “cyberbullying law” I basically respond by saying “perhaps – but not the kind of law most legislators would propose.” I would look for a law to be more “prescriptive” than “proscriptive.” By that, I mean I would like to see specific guidance from states about *how* and *when* schools can take action in cyberbullying incidents. Many states have taken the easy way out by simply passing laws saying effectively “schools need to deal with this.” Not only have they stopped short in terms of providing specific instructions or even a framework from which schools can evaluate their role, but they have not provided any additional resources to address these issues. Some states are now requiring schools to educate students and staff about cyberbullying or online safety more generally, but have provided no funding to carry out such activities. Unfunded mandates have become cliché in education, and this is just another example.

Moreover, school administrators are in a precarious position because they see many examples in the media where schools have been sued because they took action against a student when they shouldn’t have or they failed to take action when they were supposed to. Schools need help determining where the legal line is.

Many states already have existing criminal and civil remedies to deal with cyberbullying. Extreme cases would fall under criminal harassment or stalking laws or a target could pursue civil action for intentional infliction of emotional distress or defamation, to name a few. Bullying (whatever the form) that occurs at school is no doubt already subject to an existing bullying policy. To be sure, schools should bring their bullying and harassment policies into the 21st Century by explicitly identifying cyberbullying as a proscribed behavior, but they need to move beyond the behaviors that occur on school grounds or those that utilize school-owned resources. But in order to do this they need guidance from their state legislators and Departments of Education so that they draft a policy and procedure that will be held up in court. School, technology, and privacy lawyers disagree about what should (or must) be in a policy. It’s no wonder many educators are simply throwing their hands up.

We really like New Hampshire’s recently passed bullying law, even though like other efforts it demands a lot from schools without a corresponding increase in resources. This section is key:

“Bullying or cyberbullying shall occur when an action or communication as defined in RSA 193-F:3: … (b) Occurs off of school property or outside of a school-sponsored activity or event, if the conduct interferes with a pupil’s educational opportunities or substantially disrupts the orderly operations of the school or school-sponsored activity or event.”

This puts schools, students, and parents on notice that there are instances when schools can discipline students for their off campus behavior. It will take many years, though, before we will know if this law can be used as a model. Schools will need to pass policies based on the law; a school will then need to discipline a bully based on the new policy; then they will need to be sued; then the case will need to be appealed. Perhaps then the case will get to a significant enough court that it will matter. Hang on and see how it turns out. In the meantime, lobby your legislators to pass meaningful, prescriptive laws instead of laws that simply say “cyberbullying is wrong, now YOU do SOMETHING about it.” It’s election time, so I’m sure your local representative will be all ears…

New Report: “Youth Safety on a Living Internet”

Posted by Justin W. Patchin on June 5, 2010

The Online Safety and Technical Working Group just released their comprehensive report “Youth Safety on a Living Internet” detailing the current state of knowledge, practice, and tools regarding safeguarding our youth while they explore technology. The Report focused primarily on identifying industry efforts to promote online safety through education, technology, content, and other measures. In short, the Report recognized some promising approaches but acknowledged there is much more work to be done.

As the title suggests, the Internet is constantly changing. This creates particular challenges for adults who are simply trying to keep up. No matter how the Internet (and technology more broadly) changes, we as adults must also adapt so that we can teach our children the practical rules of the digital road. And this Report gives us some guidance with respect to how we should proceed. For example, the authors note: “In focusing so much on blocking new media from school as a protection, schools are failing to do with today’s media what they have long done for students with traditional media – enrich and guide their use” (page 3). This is an issue many educators are struggling with. They see the value in technology and can see great potential for its use as a pedagogical tool in and outside of the classroom but are disinclined to risk their job or reputation for the possible negative repercussions. It’s simply easier to ban technology from the classroom and prohibit teachers from interacting with students online than to develop comprehensive policies and practices to manage its utilization. Frankly I don’t blame them for being gun-shy about this. Unfortunately this approach is stunting our ability to move education forward. One of the many important recommendations from the Subcommittee on Internet Safety Education on page 7 was to “Encourage full, safe use of digital media in schools’ regular instruction and professional development in their use as a high priority for educators nationwide.”

Another important insight identified in the report is that it will take a multi-disciplinary and varied effort to accomplish our goal of educating teens about online safety and responsibility. Indeed, the Working Group was comprised of folks from across the spectrum (industry, academia, government, the media, and elsewhere). Moreover, the group was quick to acknowledge that there is no magic pill or piece of software or school curriculum that by itself will appease our concerns or fully protect our kids while online. “There’s no one-size-fits-all, once-and-for-all solution to providing children with every aspect of online child safety. Rather, it takes a comprehensive ‘toolbox’ from which parents, educators, and other safety providers can choose tools appropriate to children’s developmental stages and life circumstances, as they grow” (page 5). Our children, like the technology they use, are constantly changing and as parents and those who regularly work with youth, we have a responsibility to evolve with both.

Over the next couple of weeks, Sameer and I will continue to break down the Report and discuss specific issues that are relevant to our efforts at the Cyberbullying Research Center. We certainly encourage everyone to read the complete report because if you follow this blog, you are not only likely interested in its analysis, recommendations, and conclusions, but are no doubt an important part of the solution moving forward. As the authors point out, a summary report like this is only a first step. What is done with the report will be the real test of its significance. Take a moment to recognize the role you play, as a teacher, administrator, law enforcement officer, researcher, parent, teen, or any of the other numerous pieces of this important puzzle. What can you do today that will help youth be safer online tomorrow?

What is your Online Reputation?

Posted by Justin W. Patchin on May 28, 2010

I have been talking a lot lately about online reputation with teens. I think it is important for youth to recognize that anything they put online and anything they do offline that gets posted online, could end up being immortalized on the World Wide Web. I advise students to start thinking about their online reputation at an early age – the earlier the better. I begin this discussion by asking them if they have ever ‘Googled’ themselves and ask them to think about what came. Is it anything good? How about something embarrassing or even inappropriate? I tell them that without a doubt others are exploring the Internet for information. Friends, adults in their lives, and future employers, among others, will search for them online and judge them and base decisions about jobs or other opportunities based on what they find out. In fact, a recent study sponsored by Microsoft found that 79% of recruiters and human resources managers review information about potential employees that is available online, and 70% said they disqualified applicants due to what they found.

I suggest that teens (and adults for that matter) work extra hard to do great things at school and in the community (e.g., making the honor roll, volunteering, extra-curricular activities, etc) so that when one does search for them, they find evidence of hard work, integrity, and civic-mindedness. This is especially important if a teen does make a mistake and posts something inappropriate online – they want to bury the bad with good things. This can also be useful if someone is cyberbullying or harassing students by posting rumors or hurtful comments about them in a way that might show up in a search. In fact it is difficult if not impossible to completely prevent someone from smearing you electronically – the best approach is to create an online reputation that emphasizes the positives and minimizes any of the negatives. What have you done lately that might be found online that others might judge you on?

Should Teens Have a Computer in Their Bedrooms?

Posted by Justin W. Patchin on May 18, 2010

If you look at any “Top Ten List of Ways to Keep Your Kids Safe Online” that you find on the Internet, no doubt one of the recommendations that you will find near the top is: “Keep the family computer in a common area of the house.” While this is sage advice, it is also overly simplistic. First of all, everyone has a friend who has a computer in their bedroom. In fact, 56% of youth in our most recent survey reported that they had a computer that was connected to the Internet in their bedroom at home. So your child will simply go to someone else’s house to surf in privacy. Second, they can often access the Internet at school or at the local library. You might think that filters will prevent your child from accessing inappropriate content, but think again. Ask your typical teen and they can talk you through ways around filters. And while teachers and librarians try to monitor computer usage, it can be difficult to continuously watch. Finally, if your child has a web-enabled cell phone, they have a computer in their pocket – no need for a big clunky machine in their bedroom. Nearly 50% of the students in our most recent survey said they could access the Internet from their cell phone.

I tend to take a slightly different view of this particular problem than most. Without a doubt, parents need to monitor what their kids are doing online. But instead of completely prohibiting access at home or in one’s bedroom, consider being more creative. For example, maybe you allow your teen to have the family laptop in their rooms for one hour each night for approved purposes only (e.g., homework). You tell your daughter that you have installed tracking software and that you will review everything that she has done on the computer on a regular basis and if she violates the agreed-upon rules, the technology will be taken away. On the other hand, if she demonstrates responsibility over a period of time, then additional privileges will gradually be granted. For example, maybe at some point you allow your child to go onto Facebook for up to an hour per day (after homework and housework is done!). Another condition of Facebook usage might be that they help you (the parent) set up your own profile and then they must be your friend. That way you can see everything that your child is doing on the site and ask them about unwise postings or unfamiliar people. Doing this at a relatively early age (13 or 14) will help to instill responsible practices at an age when they will still listen to you. If you wait until they are older (16 or 17), you will likely miss the boat and they may have already established questionable practices.

In short, I would like to suggest that parents be creative about encouraging responsible technology usage. Don’t assume that your child will have the knowledge necessary to make good decisions while online. We take a long time to teach our kids how to drive a car, and eventually we have to let them drive alone. We only do this after many many hours of practice and instruction. Some will get into accidents or receive speeding tickets. Many will not. The same is true with technology. If given instruction and guidance, I am confident that most teens will avoid the pitfalls associated with technology. Ultimately, parents themselves are the best judge of their child’s ability to be responsible, and frankly some kids will not respond well to the added responsibility and privilege. Parents know when to sign their child up for driver’s education classes, when to have them get behind the wheel for the first time, and when to turn them loose on their own (after getting their license or course). Parents also have a responsibility to ride shotgun with their kids on the information superhighway. Putting the time in early will pay dividends over the long haul.

Should Parents Ban Access to Facebook?

Posted by Justin W. Patchin on May 11, 2010

Our colleague Anne Collier from NetFamilyNews made us aware of an email that Anthony Orsini, a middle school principal from New Jersey, sent to parents a couple of weeks ago imploring them to prohibit their children from participating in social networking sites. As reported on CBS and elsewhere, the letter Orsini sent to parents included the following text:

“Please do the following: sit down with your child (and they are just children still) and tell them that they are not allowed to be a member of any social networking site. Today! … There is absolutely no reason for any middle school student to be a part of a social networking site! Let me repeat that – there is absolutely, positively no reason for any middle school student to be a part of a social networking site! None.”

Sameer and I have been exploring adolescent social networking for almost 5 years and even though we see the worst of the worst in terms of behaviors, we also agree that such examples represent the exception, not the rule. In general, we believe the benefits of social networking outweigh the negatives and potential risks, if youth learn to use the sites responsibly. It is certainly a very good idea for parents to talk to their kids about what they are doing online, though simply banning access to technology, without just cause, is a big mistake. For one thing, it is literally impossible for parents to completely prevent their children from participating in social networking. If they really want to be on social networking sites, they will find a way to get on: they will go to a friend’s house or log on at the library or pursue underground social networking sites that are less well known or regulated.

It is a much better strategy for parents to carefully express their concerns about these environments and teach youth how to be responsible online. Tell them that it isn’t a good idea to accept as friends those who they do not know and trust in real life. Demonstrate the dangers of posting too much personal information online. Show them how to use the privacy settings. Provide them with examples from the media where teens have gotten into trouble for misusing social networks. Our research suggests that teens are listening and improving social networking practices! Print this out and give it to them. Odds are they will be just fine if they abide by these commonsense guidelines.

Then, have your kids help you set up a Facebook page and tell them that they need to be your friend. That way you can see everything they are doing on the site and you can remind them about what you talked about if they slip up. And you can send them gifts on Farmville.

It is very important that parents and others work to instill responsible practices in youth at a relatively early age – when they will still listen. Banning access is a short-term solution that will likely create additional problems in the future when teens eventually do go online and don’t have the skills necessary to responsibly navigate the World Wide Web.

By the way, as Anne points out on her blog, the same week that the New Jersey principal distributed the email encouraging parents to ban participation in Facebook, the Boston Globe reported that Obama’s pick for Teacher of the Year regularly uses Facebook in her classes. As you know, we have discussed the issue of teachers interacting with teens online in multiple posts on this blog. While I am not sure that we have come to any definitive conclusion, it is interesting to see examples from both sides of the issue come up in the news recently. What do you think: prohibit or promote the use of online social networking?